On 04/25/2014 10:27 AM, olli hauer wrote:
> On 2014-04-25 15:25, Pat Riehecky wrote:
>> On 04/24/2014 04:21 PM, Orion Poplawski wrote:
>>> On 10/17/2013 02:27 PM, Connie Sieh wrote:
>>>> ---------- Forwarded message ----------
>>>> Date: Thu, 17 Oct 2013 15:25:39 -0500
>>>> From: Connie Sieh <[email protected]>
>>>> To: [email protected]
>>>> Subject: Software Collections 1.0 is available for SL 6
>>>>
>>>> The following TUV "software collection" products are now available for SL 6.
>>>>
>>>> A README with info about yum repos for these packages is available from
>>>> ftp://sldist.fnal.gov/linux/scientific/6x/external_products/softwarecollections/README
>>>
>>> Any chance of yum-conf-softwarecollections ending up in the main SL repos?
>>
>> That's an interesting idea. Let's take it to the devel list and see what people
>> think.
>
> @me not subscribed to the devel@ list so giving my rant here.
>
> The versions provided in softwarecollections have almost already known
> vulnerabilities.
>
> Picking only the latest CVE entries retrieved after softwarecollections publish
> date.
>
> php-5.4: CVE-2013-6420
> postgresql: CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063
> CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067
> python27 / python33: CVE-2014-1912
> ruby193: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6416 CVE-2013-6417
>
> Until the collection gets more notice from upstream I don't think it is a good
> idea to provide yum-conf-softwarecollection.

Yikes!
Anyone report these CVEs to upstream to make sure they didn't get
misplaced?
Pat
--
Pat Riehecky
Scientific Linux developer
http://www.scientificlinux.org/